CVE-2026-40451EPSS p6.4%

CVE-2026-40451CVE-2026-40451

Description

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.

Scoring

CVSS 6.1 ()
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS0.17% probability of exploitation · percentile 6.4% · 2026-06-19T12:03:05Z
Last modified2026-06-16
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.